1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<!--Converted with LaTeX2HTML 96.1-h (September 30, 1996) by Nikos Drakos (nikos@cbl.leeds.ac.uk), CBLU, University of Leeds -->
<HTML>
<HEAD>
<TITLE>Disabling a user temporarily</TITLE>
<META NAME="description" CONTENT="Disabling a user temporarily">
<META NAME="keywords" CONTENT="sag">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<LINK REL=STYLESHEET HREF="sag.css">
</HEAD>
<BODY LANG="EN" >
<A NAME="tex2html1508" HREF="node96.html"><IMG WIDTH=37 HEIGHT=24 ALIGN=BOTTOM ALT="next" SRC="./next_motif.gif"></A> <A NAME="tex2html1506" HREF="node86.html"><IMG WIDTH=26 HEIGHT=24 ALIGN=BOTTOM ALT="up" SRC="./up_motif.gif"></A> <A NAME="tex2html1502" HREF="node94.html"><IMG WIDTH=63 HEIGHT=24 ALIGN=BOTTOM ALT="previous" SRC="./previous_motif.gif"></A> <A NAME="tex2html1510" HREF="node1.html"><IMG WIDTH=65 HEIGHT=24 ALIGN=BOTTOM ALT="contents" SRC="./contents_motif.gif"></A> <A NAME="tex2html1511" HREF="node114.html"><IMG WIDTH=43 HEIGHT=24 ALIGN=BOTTOM ALT="index" SRC="./index_motif.gif"></A> <BR>
<B> Next:</B> <A NAME="tex2html1509" HREF="node96.html">Backups</A>
<B>Up:</B> <A NAME="tex2html1507" HREF="node86.html">Managing user accounts</A>
<B> Previous:</B> <A NAME="tex2html1503" HREF="node94.html">Removing a user</A>
<BR> <P>
<H1><A NAME="SECTION001050000000000000000">Disabling a user temporarily</A></H1>
<P>
It is sometimes necessary to temporarily disable an account,
without removing it. For example, the user might not have paid
his fees, or the system administrator may suspect that a cracker
has got the password of that account.
<P>
The best way to disable an account is to change its shell
into a special program that just prints a message. This
way, whoever tries to log into the account, will fail,
and will know why. The message can tell the user to
contact the system administrator so that any problems
may be dealt with.
<P>
It would also be possible to change the username
or password to something else, but then the user
won't know what is going on. Confused users mean more
work.<A NAME="tex2html45" HREF="footnode.html#2818"><IMG ALIGN=BOTTOM ALT="gif" SRC="./foot_motif.gif"></A>
<P>
A simple way to create the special programs is to write
`tail scripts':
<BLOCKQUOTE> <PRE>#!/usr/bin/tail +2
This account has been closed due to a security breach.
Please call 555-1234 and wait for the men in black to arrive.</PRE></BLOCKQUOTE>
The first two characters (`<code>#!</code>') tell the kernel that
the rest of the line is a command that needs to be run to
interpret this file. The <tt>tail</tt><A NAME="2907"> </A> command in this case
outputs everything except the first line to the standard
output.
<P>
If <tt>billg</tt> is suspected of a security breach,
the system administrator would do something like this:
<BLOCKQUOTE> <TT>
<code>#</code> <i>chsh -s /usr/local/lib/no-login/security billg</i> <BR>
<code>#</code> <i>su - tester</i> <BR>
<code>This account has been closed due to a security breach.</code> <BR>
<code>Please call 555-1234 and wait for the men in black to arrive.</code> <BR>
<code>#</code>
</TT></BLOCKQUOTE>
The purpose of the <tt>su</tt><A NAME="2909"> </A> is to test that the change worked,
of course.
<P>
Tail scripts should be kept in a separate directory,
so that their names don't interfere with normal user
commands.
<P>
<BR> <HR>
<P><ADDRESS>
<I>Lars Wirzenius <BR>
Sat Nov 15 02:32:11 EET 1997</I>
</ADDRESS>
</BODY>
</HTML>
|
